Aiutamici Forum

Log and problem installing any anti
ChrisMartinGirl
Posted: Friday, October 05, 2007 5:38:07 PM
Rank: Member

Joined: 6/26/2005
Posts: 4
Logfile of HijackThis v1.99.1
Scan saved at 17.35.39, on 05/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\algsrvs.exe
C:\Programmi\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Documents and Settings\paola\Desktop\antivir_workstation_win7u_en_h.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\paola\IMPOST~1\Temp\Rar$EX00.437\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsServer] msfun80.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AudioDeck.lnk = C:\Programmi\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe

I have problems installing any kind of antivirus.
Here is the log from the Avira antivirus, one of the many I have tried to install without success.

Extracting eula.txt
Extracting readme.txt
Extracting basic\addr_file.html
Extracting filelist.ini
Extracting product.ini
Extracting basic\vista64\avgntflt.inf
Extracting basic\avipbb.inf
Extracting basic\ssmdrv.inf
Extracting basic\avadmin.exe
Cannot create basic\avadmin.exe
Extracting basic\avcenter.exe
Cannot create basic\avcenter.exe
Extracting basic\avconfig.exe
Cannot create basic\avconfig.exe
Extracting basic\avgnt.exe
Cannot create basic\avgnt.exe
Extracting basic\avguard.exe
Cannot create basic\avguard.exe
Extracting basic\avnotify.exe
Cannot create basic\avnotify.exe
Extracting basic\avscan.exe
Cannot create basic\avscan.exe
Extracting basic\guardgui.exe
Cannot create basic\guardgui.exe
Extracting basic\imp64b.exe
Extracting basic\licmgr.exe
Cannot create basic\licmgr.exe
Extracting basic\preupd.exe
Cannot create basic\preupd.exe
Extracting basic\sched.exe
Cannot create basic\sched.exe
Extracting basic\setup.exe
Extracting basic\update.exe
Cannot create basic\update.exe
Extracting basic\wsctool.exe
Cannot create basic\wsctool.exe
Extracting basic\avarkt.dll
Extracting basic\avconfig.dll
Extracting basic\avevtlog.dll
Extracting basic\avewin32.dll
Extracting basic\avgio.dll
Extracting basic\avinet.dll
Extracting basic\avipc.dll
Extracting basic\avnotify.dll
Extracting basic\avpack32.dll
Extracting basic\avpref.dll
Extracting basic\AVReg.dll
Extracting basic\avrep.dll
Extracting basic\avscan.dll
Extracting basic\avwinll.dll
Extracting basic\ccev.dll
Extracting basic\ccevrc.dll
Extracting basic\ccgen.dll
Extracting basic\ccgenrc.dll
Extracting basic\ccgrdrc.dll
Extracting basic\ccguard.dll
Extracting basic\cclib.dll
Extracting basic\cclic.dll
Extracting basic\cclicrc.dll
Extracting basic\ccmainrc.dll
Extracting basic\ccmsg.dll
Extracting basic\ccprofil.dll
Extracting basic\ccquamgr.dll
Extracting basic\ccquarc.dll
Extracting basic\ccreporc.dll
Extracting basic\ccreport.dll
Extracting basic\ccscanrc.dll
Extracting basic\ccsched.dll
Extracting basic\ccscherc.dll
Extracting basic\ccupdate.dll
Extracting basic\ccupdrc.dll
Extracting guardevt.dll
Extracting basic\guardmsg.dll
Extracting basic\licmgr.dll
Extracting basic\luke.dll
Extracting basic\lukeres.dll
Extracting basic\mfc71u.dll
Extracting basic\mgrs.dll
Extracting basic\msgclient.dll
Extracting basic\msvcp71.dll
Extracting basic\msvcr71.dll
Extracting basic\netnt.dll
Extracting basic\psapi.dll
Extracting rchelp.dll
Extracting rcimage.dll
Extracting rctext.dll
Extracting basic\scewxml.dll
Extracting basic\schedr.dll
Extracting basic\setup.dll
Extracting basic\shlext.dll
Extracting basic\shlext64.dll
Extracting basic\smtplib.dll
Extracting basic\sqlite3.dll
Extracting basic\unacev2.dll
Extracting basic\updgui.dll
Extracting basic\updguirc.dll
Extracting basic\updlib.dll
Extracting basic\updlibrc.dll
Extracting wksstats.dll
Extracting basic\avgio.sys
Extracting basic\avgio64.sys
Extracting basic\XP\avgntdd.sys
Extracting basic\NT\avgntdd.sys
Extracting basic\2k\avgntdd.sys
Extracting basic\XP\avgntflt.sys
Extracting basic\2k\avgntflt.sys
Extracting basic\xp64\avgntflt.sys
Extracting basic\vista64\avgntflt.sys
Extracting basic\NT\avgntmgr.sys
Extracting basic\2k\avgntmgr.sys
Extracting basic\XP\avgntmgr.sys
Extracting basic\avipbb.sys
Extracting basic\ssmdrv.sys
Extracting scanjob.avj
Extracting startupd.avj
Extracting updjob.avj
Extracting alldiscs.avp
Extracting alldrives.avp
Extracting folder.avp
Extracting mydocs.avp
Extracting process.avp
Extracting rmdiscs.avp
Extracting rootkit.avp
Extracting sysdir.avp
Extracting sysscan.avp
Extracting basic\common_msg.avr
Extracting basic\update_msg.avr
Extracting basic\vista64\avgntflt.cat
Extracting avwin.chm
Extracting basic\avconfig.cpl
Extracting build.dat
Extracting setupprf.dat
Extracting hbedv.key
Extracting antivir.oem
Extracting weblink.url
Extracting basic\antivir0.vdf
Extracting basic\antivir1.vdf
Extracting basic\antivir2.vdf
Extracting basic\antivir3.vdf
Extracting ccplg.xml
Extracting sweb.zip
Extracting basic\2k
Extracting basic\AMD64
Extracting basic\NT
Extracting basic\vista64
Extracting basic\XP
Extracting basic\xp64
Extracting basic


 
pidue
Posted: Friday, October 05, 2007 7:15:13 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
Hi, there is some junk in there.
Do this:
put HijackThis in a folder of its own (preferably not on the desktop), otherwise you will lose the backups;

<b>Turn off System Restore</b>: ------ > <b>procedure:</b>

<b>boot into safe mode</b> ----- > <b>procedure:</b>

<b>make hidden folders visible</b> ------ > <b>procedure</b>:
from My Computer:
Tools >> Folder Options >> View;
tick:
<i>Show hidden files and folders</i>;
untick:
<i>Hide protected operating system files (Recommended)</i>


Start HijackThis with all applications closed, click <b>Do a system scan only</b>, then tick and remove <b>(fix checked)</b> the following lines:


<font color=red>
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKCU\..\Run: [MsServer] msfun80.exe
</font id=red>


delete the files in red:
___________________________________________
C:\WINDOWS\system32\<font color=red>algsrvs.exe</font id=red>
C:\Documents and Settings\paola\Desktop\<font color=red>antivir_workstation_win7u_en_h.exe</font id=red>

________________________________________

you should search for and delete, if you find them, the following files:

<font color=red>msime82.exe</font id=red>
<font color=red>msfun80.exe</font id=red>

delete the temporary files of your profile;

Go to Tools >> Internet Options and delete the history, the temporary internet files and the cookies;

empty the Recycle Bin;

restart the computer normally.
Run an online antivirus scan at <b>this address:</b>.



<b>At the end:</b>

hide the system folders again;
re-enable System Restore and, if everything is fine, create a new restore point.
Post an updated log and report whether the problem is solved.
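
Added example, not part of the original post and not HijackThis code: a short Python triage that parses the O2 and O4 lines of a HijackThis log and flags the two patterns visible in the three lines marked above, a BHO whose file is "(no file)" and a Run entry given as a bare file name with no path. The two heuristics and the function names are assumptions made for this illustration; a hit is a reason to look closer, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a few O2/O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.2] msime82.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsServer] msfun80.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
"""

BHO_RE = re.compile(r"^O2 - BHO: .*? - \{[0-9A-Fa-f-]+\} - (?P<file>.+)$")
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.+)$")

def executable(cmd):
    """Return the program part of a Run command line (quoted string or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0]

def triage(log_text):
    """Return (line, reason) pairs for entries matching the two heuristics."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            # Heuristic 1 (assumption): BHO still registered, DLL no longer on disk.
            if m["file"] == "(no file)":
                findings.append((line, "BHO registered but its file is missing"))
        elif m := RUN_RE.match(line):
            exe = executable(m["cmd"])
            # Heuristic 2 (assumption): autostart command has no directory part,
            # so the log does not show which file on disk is actually started.
            if PureWindowsPath(exe).parent == PureWindowsPath("."):
                findings.append((line, "autostart without a full path: " + exe))
    return findings

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(reason, "->", entry)
```

The two heuristics do not cover the running process the reply also marks (algsrvs.exe), which has a full path and no autostart line in the log.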








ChrisMartinGirl
Posted: Friday, October 05, 2007 9:19:52 PM
Rank: Member

Joined: 6/26/2005
Posts: 4
Thanks for the instructions <font color=red><font size=6>BUT</font id=size6></font id=red> I can't get into safe mode, neither the normal one nor the one with networking... the screen comes up, I press Enter and the PC restarts in normal mode.... I have the disk partitioned as 2 hard disks, does that have anything to do with it?????
pidue
Posted: Friday, October 05, 2007 10:56:49 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
The HD partition has nothing to do with it. Try getting into safe mode this way:

Start >> Run, type the word "<b>msconfig</b>" (without the quotes). Then, in the window that opens, choose the <b>BOOT.INI</b> tab and tick the <b>/SAFEBOOT</b> box. You will be asked to restart. If even with this procedure you cannot get into safe mode, try deleting what I pointed out to you in normal mode (but it will be difficult). If you cannot manage it in any way, you will have to format.


